Data Visibility & Public Access
En resumen
A capability-driven visibility layer that decides what a public visitor, a logged-in member or a privileged role may read for every resource — backed by per-tenant public-field configuration, player privacy settings, role-based sensitive-field rules, an open-data API catalogue and SEO-friendly public pages with sitemap and JSON-LD.
Cómo funciona
Visibility is enforced at the API layer through a three-tier filter: public, member and sensitive. A @public decorator marks endpoints that an unauthenticated spectator can hit; everything else requires a principal. For each resource a PublicFieldConfig defines which fields are public by default, with admin CRUD over the configuration and an effective-view endpoint that shows the merged result of platform defaults plus tenant overrides. Scope_type tags differentiate global open data (world rankings, FIPJP federation directory, generic rules) from national open data (per-federation rankings, results, calendars, club and district directories), so a public reader on petanque.life sees the global view while a national federation site filters to its own scope_code.
For player records the model is more granular. PrivacySettings is embedded in PlayerProfile and lets the player toggle profile-visible, show-club, show-date-of-birth, show-ranking and show-results. The public-players endpoint enforces these flags before serialising any field. Sensitive fields are gated by SensitiveFieldRule with required_capability — for example reading a player's date of birth needs profile:read_dob, license number needs profile:read_license_number, contact details need profile:read_contact — so a club secretary sees more than a spectator without the visibility logic being scattered across handlers. The /player-profiles/{id}/visible-fields endpoint returns exactly what the calling principal can read, which the apps use to render forms without dead fields.
The open-data layer is its own product surface. GET /public/open-data exposes a catalogue of fourteen public endpoints — calendar, competitions, rankings, results, federation directory, venues — with cursor pagination on every list endpoint and a federation_code filter for nationally-scoped queries. The calendar is also delivered as an RFC 5545 iCalendar feed at /public/calendar/ical so external tools can subscribe. SEO is handled at /public/seo/sitemap.xml with federation, club, competition, venue and ranking pages, plus JSON-LD structured data (SportsOrganization, SportsEvent, Event, SportsActivityLocation) and Open Graph metadata so search engines and social platforms render rich previews.
Capacidades clave
- Public user role with @public decorator and metadata endpoint
- Per-resource PublicFieldConfig with admin CRUD, defaults and effective-view computation
- Global vs national scoping via scope_type for rankings, directory and results
- Player privacy settings (profile-visible, show-club, show-DOB, show-ranking, show-results)
- Capability-based sensitive-field gating with three-tier (public/member/sensitive) filter
- Open-data API catalogue (14 endpoints) with cursor pagination and federation_code filter
- RFC 5545 iCalendar feed for the public competition calendar
- SEO sitemap.xml plus JSON-LD structured data and Open Graph metadata
En la práctica
A sports journalist building a national rankings widget hits GET /public/open-data, picks the rankings endpoint, and pulls the latest results filtered by federation_code=SE. No login, cursor pagination, JSON envelope. He embeds the iCalendar feed in his newsroom calendar and starts getting auto-updates whenever the federation publishes a new fixture.
A few players notice his coverage and visit their own profiles — one toggles show-date-of-birth off in privacy settings, and her DOB disappears from the public profile within seconds. A club secretary, logged in with profile:read_contact, still sees the same player's email when working on registration, because the capability filter shows him the sensitive tier the journalist cannot reach.
Funcionalidades de este subsistema
8| ID | Status | Funcionalidades |
|---|---|---|
| F16.04.01 | Entregado | Public user role (unauthenticated access to public data) — spectator roll, @public decorator, metadata-endpoint ✅ PL-F1604a |
| F16.04.02 | Entregado | Per-resource public field configuration — PublicFieldConfig modell, admin CRUD, defaults, effektiv vy ✅ PL-F1604a |
| F16.04.03 | Entregado | Global public data: world rankings (scope_type=world), federation directory, rules (GET /public/rules) ✅ PL-F1604a |
| F16.04.04 | Entregado | National public data: national rankings (scope_type=national), results, club/district directory (federation_code-filter) ✅ PL-F1604a |
| F16.04.05 | Entregado | Player privacy settings (what's visible on public profile) — PrivacySettings embedded i PlayerProfile, GET/PUT /player-profiles/{id}/privacy-settings, GET /public/players/ respekterar profile_visible+visibility, GET /public/players/{id} respekterar show_club/show_date_of_birth/show_ranking/show_results, hidden profiles returnerar 404 ✅ PL-F1604b |
| F16.04.06 | Entregado | Capability-based field visibility (sensitive fields hidden by role) — GET /player-profiles/{id}/visible-fields med tre-tier-filter (public/member/sensitive via apply_role_filter), SensitiveFieldRule med required_capability (profile:read_dob, profile:read_license_number, profile:read_contact), tenant-specifika PublicFieldConfig-overrides ✅ PL-F1604b |
| F16.04.07 | Entregado | Public API for rankings, results, calendar (open data) — GET /public/open-data API-katalog med 14 endpoints, GET /public/calendar med federation_code-filter, GET /public/competitions med federation_code-filter, GET /public/calendar/ical RFC 5545 iCalendar-feed, cursor-paginering på alla listendpoints ✅ PL-F1604b |
| F16.04.08 | Entregado | SEO-friendly public pages (for discoverability) — GET /public/seo/sitemap.xml XML-sitemap med federation/club/competition/venue/ranking-sidor, JSON-LD structured data för federation (SportsOrganization), competition (SportsEvent), calendar-event (Event), venue (SportsActivityLocation), Open Graph metadata GET /public/seo/meta/{resource_type}/{id} för federation/club/competition/venue/calendar_event ✅ PL-F1604b |